US9792459B2ActiveUtilityA1
Flexible policy arbitration control suite
Est. expiryApr 29, 2033(~6.8 yrs left)· nominal 20-yr term from priority
Inventors:Sean M. ForsbergScott ObergChristopher S. LockettHassen SaidiJeffrey E. CasperMichael Deleo
H04L 63/08G06F 21/00G06F 21/74H04W 12/06G06F 2221/2101G06F 9/542H04W 12/08G06F 21/575G06F 21/60H04L 63/20H04W 12/35
85
PatentIndex Score
9
Cited by
41
References
21
Claims
Abstract
A policy arbitration system manages the fundamental communications and isolation between executable components and shared system resources of a computing device, and controls the use of the shared resources by the executable components. Some versions of the policy arbitration system operate on a virtualized mobile computing device to dynamically compile and implement policy rules that are issued periodically by multiple different independent execution environments that are running on the computing device. Semi-dynamic policy changes allow for context enabled policy changes that enforce the desired system and component “purpose” while simultaneously denying the “anti-purpose”.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A computing device for use with multiple user-level execution environments wherein the environments are isolated from one another to simultaneously protect personal privacy and enterprise security while enabling data sharing, the computing device comprising:
one or more hardware processors; and
one or more machine accessible storage media having embodied therein a policy arbitration system and a plurality of independently executable domains executable by the one or more processors, wherein:
the policy arbitration system is executable to manage access to one or more shared system resources by the plurality of independently executable domains;
each of the plurality of independently executable domains having domain-specific policies including use purpose contexts that are unknown to the other independently executable domains, wherein the use purpose contexts are indicative of a personal or non-personal use, wherein a personal use context pertains to at least one domain in which there is a higher need to share information than a domain having a non-personal use context, and wherein the non-personal use context pertains to at least one domain in which there is a higher need to protect information than a domain having the personal use context domain; and
the policy arbitration system is executable to determine and enforce, autonomously, dynamically in response to an event trigger, a least restrictive combination of the domain-specific policies that enables the plurality of independently executable domains to execute on the computing device for a use purpose context of one of the independently executable domains without violating the domain-specific policies of any other ones of the plurality of independently executable domains,
wherein the determination of the least restrictive combination of domain-specific policies includes analyzing candidate policy implementations associated with the plurality of domains and executable to effectuate defined purposes of the domains, wherein the defined purpose specifies the permitted use purpose context of one or more shared system resources of the computing device, and selecting a least restrictive candidate policy implementation that does not conflict with any of the defined purposes of the domains.
2. The computing device of claim 1 , wherein the policy arbitration system is executable independently of any operating system of the computing device and independently of the plurality of domains.
3. The computing device of claim 1 , wherein each of the domain specific policies includes a defined purpose and an anti-purpose, wherein the purpose identifies a desired functionality of the computing device for a domain of the plurality of independently executable domains, and the anti-purpose defines an undesired functionality of the computing device resulting from the functionality of the purpose.
4. The computing device of claim 1 , wherein each of the plurality of domains is memory-isolated from the other domains and from the policy arbitration system.
5. The computing device of claim 1 , wherein the one or more machine accessible storage media comprises a trusted protected memory and the policy arbitration system resides in the trusted protected memory.
6. The computing device of claim 1 , wherein the computing device comprises a mobile device having a virtualized system architecture enabling the policy arbitration system.
7. The computing device of claim 1 , wherein the plurality of domains communicate with the policy arbitration system and with the one or more shared system resources only through well-defined, secure communication channels.
8. A method for controlling access to one or more shared system resources of a computing device by a plurality of peer domains each having a defined use purpose context that is unknown to the other domains, each of the domains executable independently of the other domains and to request access to the one or more shared system resources, the method comprising, with the computing device:
maintaining, independently of the domains, a set of domain-specific policies governing operation of the computing device, the set of domain-specific policies comprising, for each of the domains, at least one policy implementation that effectuates the defined use context purpose of the domain without conflicting with the defined use purpose context of any of the other domains on the computing device;
in autonomous response to an event trigger, executing at least one of the policy implementations implicated by the event trigger, wherein the use purpose context is indicative of a personal or non-personal use, wherein a personal use context pertains to at least one domain in which there is a higher need to share information than a domain having a non-personal use context, and wherein the non-personal use context pertains to at least one domain in which there is a higher need to protect information than a domain having the personal use context domain; and
for each of the domains, selecting a least restrictive policy implementation from a plurality of candidate policy implementations, wherein the least restrictive policy implementation effectuates the defined purpose of the domain in a least restrictive way without conflicting with the defined purpose of any of the other domains on the computing device, and executing the selected policy implementation in response to the event trigger,
wherein a policy arbitration system is executable to determine and enforce the least-restrictive combination of the domain-specific policies dynamically in response to an event trigger.
9. The method of claim 8 , comprising associating a value with each of the candidate policy implementations and determining the least restrictive policy implementation based on the value.
10. The method of claim 8 , comprising generating the set of domain-specific policies from one or more conversational natural language statements of the defined purpose for each of the domains.
11. The method of claim 10 , comprising, for each domain, creating a policy artifact, wherein the policy artifact comprises a machine-readable semantic representation of the one or more conversational natural language statements of the defined purpose of the domain.
12. The method of claim 11 , comprising comparing the policy artifact of each domain to the policy artifact of each of the other domains and determining if any of the policy artifacts conflict.
13. The method of claim 11 , wherein, for each domain, the policy artifact comprises a set of candidate policy implementations, wherein each of the candidate policy implementations effectuates the purpose of the domain in a different manner.
14. The method of claim 13 , comprising associating an event trigger with each of the candidate policy implementations.
15. The method of claim 14 , wherein each of the candidate policy implementations specifies an action to be taken by the computing device with regard to one or more of the shared system resources in response to the associated trigger event.
16. A policy arbitration system for a computing device for use with multiple user-level execution environments wherein the environments are isolated from one another to simultaneously protect personal privacy and enterprise security while enabling data sharing, wherein the computing device is configured with a plurality of domains that are independently executable on the computing device to request access to one or more shared system resources of the computing device, the policy arbitration system comprising:
one or more processors; and
a non-transitory computer-readable medium comprising a plurality of instructions executable by one or more processors to:
analyze a set of candidate policy implementations, each of the candidate policy implementations being associated with one of the plurality of domains and executable to effectuate a defined purpose of the associated domain, the defined purpose specifying a permitted use purpose context of one or more shared system resources of the computing device;
select, from the set of candidate policy implementations, a least restrictive candidate policy implementation that does not conflict with any of the defined purposes of the domains; and
compile and autonomously enforce the selected policy implementation to govern the operation of the computing device across all of the domains, including to control access to the one or more shared system resources of the computing device if the policy implementation is implicated by an event trigger;
wherein the use purpose context is indicative of a personal or non-personal use, wherein a personal use context pertains to at least one unclassified domain a non-personal use context pertains to at least one classified domain.
17. The policy arbitration system of claim 16 , wherein the computing device comprises a first domain and a second domain of the plurality of domains, wherein each of the first and second domain are executable independently of the other and each are to request access to one or more shared system resources of the computing device, and the plurality of instructions are executable to compare candidate policy implementations of the first and second domains and determine a least restrictive combination of the candidate policy implementations of the first domain and the second domain to enforce on the computing device.
18. The policy arbitration system of claim 16 , wherein each of the candidate policy implementations comprises one or more rule chains each comprising one or more rules associated with the event trigger, and the plurality of instructions are executable to backward traverse the rule chains to determine if a conflict exists between the compared candidate policy implementations.
19. The policy arbitration system of claim 16 , wherein the plurality of instructions are executable to determine a value associated with each of the candidate combinations of policy implementations and select the least restrictive combination of policy implementations based on the determined value.
20. The policy arbitration system of claim 16 , wherein the policy arbitration system is embodied as one or more extensions to an Application Programming Interface (API).
21. The policy arbitration system of claim 16 , wherein the policy arbitration system is embodied as a trusted component of a mobile computing device having a virtualized system architecture.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.